Cyber insurers are opting to pay off hackers in ransomware attacks instead of attempting to restore backup files, according to an investigation by ProPublica.
In a ransomware attack, a hacking organisation will shut down an enterprise's core systems or encrypt access to essential data and demand payment for release -- i.e. extortion. Enterprises with strong IT security may have backup files and recovery processes in place, but insurers are finding that it is cheaper in the short-run to pay off the hackers.
The calculus by the insurer is straight forward: Often the potential claim, which covers lost revenue while the insured is unable to operate, is greater than the ransom amount. Hence the carrier pays the ransom.
MTech Capital portfolio company Corvus recently released a tool that restricts remote desktop access to a network - a key entry point for ransomware attacks. Ransomware claims have fallen by 65% as a result of the initiative.
In recent years, cyber insurance sold by domestic and foreign companies has grown into an estimated $7 billion to $8 billion-a-year market in the U.S. alone, according to Fred Eslami, an associate director at AM Best, a credit rating agency that focuses on the insurance industry. While insurers do not release information about ransom payments, ProPublica has found that they often accommodate attackers’ demands, even when alternatives such as saved backup files may be available.